Email Threads Are Being Hijacked to Spread Malware

attachments, email links, fake emails, Hijacks, multi factor authentication, Ophtek, Updates, , , , , ,
12
Apr 2022

A new method for spreading malware online has been discovered, and it involves taking advantage of email threads to deploy malware loaders.

Email threads can quickly build, especially if there are more than two participants. As such, it can be difficult to keep up with who is saying what and, crucially, who is attaching files to the thread. Accordingly, this creates the perfect scenario for threat actors to get involved and turn the situation to their advantage. And, as a result of a vulnerability in Microsoft Exchange servers, this is exactly what has been happening.

If you work in any modern organization, the chances are that you use email on, at least, an hourly basis to keep up to date with the rest of the world. Therefore, this new threat is one that you need to understand.

How Email Threads are Being Hijacked

This latest campaign is particularly deceptive and relies on the presence of unpatched Microsoft Exchange servers. This email service is commonly used by businesses to synchronize email between an Exchanger server and an email client e.g. Outlook. The vulnerability offered up by these unpatched servers allows hackers to harvest login credentials; the threat actors are then presented with the opportunity to illegally access specific email accounts. Once they are logged in, the hackers can view all the email threads that the account is involved with.

By viewing the various email threads, the hacker can then decide which is best to launch their attack through. All they have to do is choose an email thread and start replying to it. More crucially, they will also attach some infected attachments. These are packaged within a ZIP archive and comprise an ISO file which contains both a DLL file and an LNK file. Once the LNK file is activated, it will run the DLL file and activate the IcedID malware loader. IcedID is a well-known banking trojan which can steal financial information, login credentials and start the installation of further malware.

Protecting Your Emails

First and foremost, it’s vital that you install new updates as soon as they are available. This will instantly minimize the chances of vulnerabilities being exploited on your network. Fail to implement these upgrades, however, and you could fall victim to attacks such as the one we have been discussing. In addition to this, it also pays to take notice of the following:

  • Verify Any Email Attachments: if, in the middle of an email thread, a suspicious file attachment suddenly appears, verify it with the person it appears to have been sent by. However, do not do this over email; if the email account has been compromised then the hacker will simply confirm it is genuine. Instead, speak in-person or over the phone to the sender to get confirmation.
  • Use Multi-Factor Authentication: one of the simplest ways to reduce the impact of stolen login credentials is by strengthening the login procedure with multi-factor authentication. This approach will provide an extra layer of security and ensure that any threat actors will struggle to navigate their way through it.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What is Hacking?

Hackers, Hacking, Hijacks, Ophtek, Security, Viruses, , , , , ,
02
Jul 2019

We all know that hacking goes on. And it certainly goes on in business. But how much do we know about it? The truth is we don’t know as much as we should.

The general consensus is that most people know what a hacker is and how they go about their business. This is why there are so many anti-hacking products available. However, using these products on their own isn’t enough to guarantee safety. In fact there is no guarantee. But you can enhance your protection significantly with an understanding of the basics of hacking. It’s important to know what a hacker is attempting to do. With this in mind you have a much better chance of preventing or resolving the hack.

What is Hacking?

Hacking causes chaos. Lots of chaos. And that’s not an understatement. But what exactly is it? It can be many things, but the basic core of hacking is to compromise devices. These can include PCs, networks and smart devices. Regardless of the device a hacker wants to gain unauthorized access to it. Sometimes this access can be used to steal data and sometimes it can be to cause sabotage. There are a wide range of techniques involved and we’ll take a look at them later.

Who are the Hackers?

The traditional image of a hacker that most people have in their minds isn’t entirely accurate. The pimply nosed, teenage hacker of cartoons may well exist in one form or another, but they’re not the only hacker out there. Due to the financial gain on offer from hacking, a number of criminal gangs are now developing sophisticated hacking methods to earn a nice income. And then there are the political gains that can be provided by hacking. There are a wide range of hackers out there, but identifying them is very difficult as they’re notoriously good at covering their tracks.

What Type of Hacks Are There?

The complexities of IT software and hardware mean that there is the potential for a variety of hacking techniques. Some of the most common methods are:

  • Ransomware: This is every organization’s worst nightmare. A relatively new form of malware, ransomware is spread through malicious emails that encourage recipients to click a link. If these links are clicked then a series of processes are executed that leave the victim’s hard drive encrypted. And the only way to decrypt the files is by paying a cryptocurrency ransom. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More